Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'67 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Glassdoor' disclosed a bug submitted by b'z3ron3' 
b'Open Redirect '
08 Apr 2026 timeline
b'AWS VDP' disclosed a bug submitted by b'misop00p' 
b'Health check errors silently dropped when channel buffer full'
07 Apr 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'shiva2550' 
b"IDOR on via direct photo URL leads to unauthorized access to deleted and other users' photos"
07 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'mzfr' 
b'no_proxy IDN mismatch: Unicode hostnames bypass proxy exclusion list'
07 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'mzfr' 
b'FTP entrypath accepts 0xFF (Telnet IAC) through incomplete ISCNTRL filter, sent on wire via CWD on connection reuse'
07 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'cutiapretaa' 
b'Improper enforcement of CURLOPT_SOCKS5_AUTH due to missing reuse key validation in libcurl'
07 Apr 2026 timeline
b'Glassdoor' disclosed a bug submitted by b'downgrade' 
b'Cross-Site Leakage of Review Ownership via Navigation Detection'
06 Apr 2026 timeline
b'Glassdoor' disclosed a bug submitted by b'zorixu' 
b'eflected Vulnerability in Glassdoor Blog earch'
06 Apr 2026 timeline
b'Glassdoor' disclosed a bug submitted by b'imtheking' 
b'Full account takeover without user Interaction '
06 Apr 2026 timeline
b'Monero' disclosed a bug submitted by b'jehrenhofermagicgrants' 
b'Reported Denial of Service'
06 Apr 2026 timeline
b'Monero' disclosed a bug submitted by b'jehrenhofermagicgrants' 
b'Reported RPC Overflow'
06 Apr 2026 timeline
b'Glassdoor' disclosed a bug submitted by b'avielt' 
b'Unauthorized usage of External API Key (Usage of Google Maps API Key ==> $$$'
06 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'spiderchan26' 
b'# SCURLOPT_SSH_KNOWNHOSTS and host fingerprint pins are silently bypassed when an SSH connection is reused from the connection pool'
06 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'divsz' 
b'SMTP Command Injection via CRLF in libcurl MAIL_FROM / MAIL_RCPT (lib/smtp.c)'
06 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'spichanlio76' 
b"ignoring 'options' when doing connection reuse"
05 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'intrax' 
b'Data race in Curl_dnscache_add_negative() corrupts shared DNS cache heap corruption and double-free when using CURLOPT_SHARE with CURL_LOCK_DATA_DNS'
04 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'rougerseven7' 
b'Internal application wrapper or script using curl'
03 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'intrax71' 
b'Missing server identity policy enforcement in SSH connection reuse allows host key verification bypass via pool poisoning'
03 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'calaba_zas' 
b'Cookie attribute TAB injection regression in Set-Cookie parsing'
03 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'whitehat411' 
b'Bypassing Strict SSH Server Verification via Connection Pool Reuse in libcurl'
31 Mar 2026 timeline
1 ... 3 4 5 6 7 ... 761
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM